The globally-recognized Certified Information Systems Auditor (CISA) certification shows knowledge of IT and auditing, security, governance, control and assurance to assess potential threats. As you can imagine, it’s very much in demand. It can also be confusing.

Is CISA certification related to the Cybersecurity and Infrastructure Security Agency?

CISA, the certification, is related to CISA, the federal agency, right?

Wrong.

It’s an easy assumption to make. Both use the CISA acronym. Both are involved in cybersecurity. However, they are not related to each other.

CISA, the federal agency, is the Cybersecurity and Infrastructure Security Agency under the Department of Homeland Security. It has existed only since 2018. Its mission is to protect the U.S. government from cyber attacks.

On the other hand, the CISA certification has existed since 1978. It was marking its 40th year when the federal department using the same acronym began.

A CISA-certified professional is someone who independently verifies security controls and advises management, the board and the audit committee if there is one. They can inform on policies, procedures, infrastructure and more, and on whether or not security issues are being addressed and what the risks are for not addressing them.

The benefits of a CISA certification

Beyond security officers, the CISA certification is also great for compliance analysts, program managers, risk analysts, data protection managers and IT consultants. The average salary for IT auditors with a CISA certification is $128,086 per year, according to ISACA — an average 22% pay increase right away — which is far more than non-certified auditors make.

The certification puts you in high demand right away. Major consulting firms, financial groups and other businesses seek it out.

In fact, the demand is so high that there are currently more job openings that require the CISA designation than there are people who hold the credentials. Because the demand is so high, those who have it can switch industries and pick the kind of organization they would like to work for.

Because it’s a global certification, you can also choose the country you’d like to visit or live in. In the new world of remote work and digital-nomad living, holding a global and highly prized certification means you can live abroad and still advance your career. It’s also a gateway to engaging and varied work that deals with the newest tools and threats.

Employing a CISA-certified auditor helps business leaders understand and manage security risks. It’s also often extremely helpful for business partnerships. By telling prospective partners that you employ a CISA auditor, you’re providing assurance that you value security.

How do you get CISA certified?

The Information Systems Audit and Control Association (ISACA) is the best place to start your CISA journey, as they offer several ways to prepare for the exam. You can also get the prep systems from third-party companies and a range of schools.

Applicants for the four-hour, 150-question CISA exam need at least five years of professional auditing, controlling or information security work within the past 10 years. (You can get by with just three years in special cases involving education.)

The test covers five domains:

  • Information system auditing process
  • Governance and management of IT
  • Information systems acquisition, development and implementation
  • Information systems operations, maintenance and service management
  • Protection of information assets.

When you pass, you’ll be a certified information auditor. People with the certification refer to themselves as a “CISA” (pronounced either SIS-ah or SEES-ah).

You’ll have to maintain the certification by earning education credits every three years and paying a small annual maintenance fee.

Working as a certified systems auditor

If you do pass the CISA, you can expect to work on creating audit strategies for information systems based on a foundation of risk management, and then planning, running and following up on those audits. Afterward, you’ll take another look at the audits to establish whether, and which, suggested actions have been accomplished.

The work of a certified systems auditor involves elements of:

  • Risk management
  • Resource management
  • Business-IT alignment
  • IT policies
  • IT standards and procedures
  • Business continuity and disaster recovery
  • IT personnel management
  • IT organizational structure and controls.

In fact, you’ll be involved in all aspects of cybersecurity, as well as core aspects of the organization itself. CISA certification is one of the most valuable credentials for security pros, as well as for organizations, to have in their tool belts.
